fkie_nvd - fkie_cve-2016-1420

fkie_cve-2016-1420

Vulnerability from fkie_nvd

Published

2016-06-10 01:59

Modified

2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	application_infrastructure_controller	-
cisco	application_policy_infrastructure_controller_firmware	1.0\(1e\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(1h\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(1k\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(1n\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(2j\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(2m\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(3f\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(3i\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(3k\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(3n\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(4h\)
cisco	application_policy_infrastructure_controller_firmware	1.0\(4o\)
cisco	application_policy_infrastructure_controller_firmware	1.1\(0.920a\)
cisco	application_policy_infrastructure_controller_firmware	1.1\(1j\)
cisco	application_policy_infrastructure_controller_firmware	1.1\(3f\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:application_infrastructure_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E660D79C-0273-48AB-A8D9-CE9E5B29E9D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "139B6124-85F6-42E8-971A-DB856EF5AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1h\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FA151405-52B1-4083-93B2-3F5226103DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1k\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F35AC2E8-3A51-4EC8-AE12-DC5487DEE407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1n\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "01DAF940-D3C7-4D17-8C82-C21186825FBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(2j\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5D63750F-DD3C-4A17-88FB-E4D3E2DB4605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(2m\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "897EBF17-1CFB-4987-9924-212286BC2C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A5003326-DB6A-4E26-AE5E-8330BFED8BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3i\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E955E14-4343-41CC-BF40-4C72509CA960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3k\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3750DA86-C98F-4893-8E55-A1315FD9A58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3n\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "540F030A-51DB-4406-A96A-0D355ECA38BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(4h\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82636FE9-5B70-43DB-B6DE-1CAB249D3F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(4o\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AC741864-308B-4F54-9D48-84125DA0EEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(0.920a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4DFCFD66-3A42-46A3-B8F4-BBEE722092BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(1j\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0860BE70-2F40-42BF-90E7-BE8D80C207AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(3f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03DD4841-B371-48E3-BD1F-67A60644E6B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347."
    },
    {
      "lang": "es",
      "value": "El componente de instalaci\u00f3n en dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software en versiones anteriores a 1.3(2f) no maneja correctamente archivos binarios, lo que permite a usuarios locales obtener acceso root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuz72347."
    }
  ],
  "id": "CVE-2016-1420",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-10T01:59:05.037",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-1420 (GCVE-0-2016-1420)

Vulnerability from cvelistv5

Published

2016-06-10 01:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

References

URL

Tags

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic

vendor-advisory, x_refsource_CISCO